SecureTeam

Microsoft Patches Critical Zero-Day Vulnerabilities

Microsoft’s August patch Tuesday security update included fixes for 138 vulnerabilities, 17 of which were classified as ‘Critical’ flaws. The security patches issued cover 40 different Microsoft and Windows products and features, including critical Windows system operations, and popular applications such as Microsoft Edge, Microsoft Office, and the Microsoft Exchange Server. Two zero-day vulnerabilities were […]

Microsoft Patches Critical Zero-Day Vulnerabilities Read More »

VMware Patch Critical Authentication Bypass Flaw

News, Vulnerabilities / Ian Reynolds

VMware released a critical security advisory this week to warn users of security vulnerabilities that have been found in a variety of their systems. VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector, and vRealize Automation products have all received security patches to deal with these vulnerabilities. VMware advise all users that it

VMware Patch Critical Authentication Bypass Flaw Read More »

Critical Confluence Vulnerability Exploited in the Wild

News, Vulnerabilities / Ian Reynolds

A vulnerability in Atlassian’s Questions for Confluence app has been found that includes hardcoded credentials that remote attackers can exploit to access the Confluence Server or Confluence Data Center it is hosted on. The versions of Questions for Confluence with this vulnerability unpatched are 2.7.34, 2.7.35, and 3.0.2. Atlassian have released a security advisory rating

Critical Confluence Vulnerability Exploited in the Wild Read More »

Publicly Disclosed Windows Vulnerability Patched

News, Vulnerabilities / Ian Reynolds

An actively exploited Windows Client Server Runtime Subsystem (CSRSS) vulnerability was one of 84 patched in this week’s Microsoft patch Tuesday. First discovered by the Microsoft Threat intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC), CVE-2022-22047 is tracked as a ‘High’ severity vulnerability, with a CVSS rating of 7.8/10. It affects devices running Windows

Publicly Disclosed Windows Vulnerability Patched Read More »

ZuoRAT Malware Targets Home-Office Routers

News, Vulnerabilities / Ian Reynolds

A multistage remote access trojan (RAT), known as ZuoRAT, has been specifically developed to attack small office/home office (SOHO) routers. These devices have been more frequently used for work since the increase in home-working in 2020 due to the Covid-19 global pandemic. It is suspected that this attack has been going undetected for the past

ZuoRAT Malware Targets Home-Office Routers Read More »

Microsoft Patches Linux Cluster Bug

News, Vulnerabilities / Ian Reynolds

The Microsoft Security Response Centre released a blog post this week about a Service Fabric (SF) Linux Cluster vulnerability. This bug has been identified on both Linux and Windows operating systems, however Microsoft claims only Linux is vulnerable to attack. This vulnerability was published as CVE-2022-30137 by Microsoft earlier this month. Azure Service Fabric is a distributed systems

Microsoft Patches Linux Cluster Bug Read More »

Log4Shell (still) actively exploited on VMware Systems

Articles, Information Assurance / Ian Reynolds

The Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command (CGCYBER) released a joint security advisory last week to warn of the active exploitation of CVE-2021-44228. This vulnerability is commonly known as Log4j, or Log4Shell because it gives attackers a shell that allows them to remotely access internet facing Log4j devices.

Log4Shell (still) actively exploited on VMware Systems Read More »

Vulnerability reported on QNAP NAS Devices

News, Vulnerabilities / Ian Reynolds

A Security Advisory was published by QNAP on Wednesday to advise their customers of the status of Remote Code Execution vulnerability that affects many of their products. The vulnerability is in the versions of PHP which ship as part of the QNAP operating system. The vulnerability affects devices running: QTS 5.0.x and later QTS 4.5.x

Vulnerability reported on QNAP NAS Devices Read More »

Cisco Small Business Routers Vulnerable to Attack

News, Vulnerabilities / Ian Reynolds

A zero-day vulnerability with a critical 9.8/10 severity rating has been identified in four Cisco Small Business RV Series Routers. These vulnerable products are RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router. These routers are listed as end-of-life products, and so Cisco have stated that they

Cisco Small Business Routers Vulnerable to Attack Read More »

CISA Warn of 40 New Actively Exploited Cybersecurity Vulnerabilities This Month So Far

Articles, Information Assurance / Ian Reynolds

Last week saw the addition of 39 known exploited cybersecurity vulnerabilities to the CISA catalogue, bringing the total added in June so far to 40. The Cybersecurity and Infrastructure Security Agency (CISA), a branch of the US government, released an alert on Wednesday, to make people aware of the threats posed by these vulnerabilities, which

CISA Warn of 40 New Actively Exploited Cybersecurity Vulnerabilities This Month So Far Read More »

vulnerability management

Microsoft Patches Critical Zero-Day Vulnerabilities

VMware Patch Critical Authentication Bypass Flaw

Critical Confluence Vulnerability Exploited in the Wild

Publicly Disclosed Windows Vulnerability Patched

ZuoRAT Malware Targets Home-Office Routers

Microsoft Patches Linux Cluster Bug

Log4Shell (still) actively exploited on VMware Systems

Vulnerability reported on QNAP NAS Devices

Cisco Small Business Routers Vulnerable to Attack

CISA Warn of 40 New Actively Exploited Cybersecurity Vulnerabilities This Month So Far

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch